Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 9.8 |
| 2018-04-13 | CVE-2016-9646 | Improper Authentication vulnerability in multiple products ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.3 |
| 2018-04-10 | CVE-2014-3999 | Improper Authentication vulnerability in Horde Ldap The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | 8.1 |
| 2018-04-05 | CVE-2016-8380 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | 7.3 |
| 2018-04-05 | CVE-2016-8371 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | 7.3 |
| 2018-04-04 | CVE-2018-1082 | Improper Authentication vulnerability in Moodle A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. | 8.1 |
| 2018-04-04 | CVE-2018-6873 | Improper Authentication vulnerability in Auth0 Auth0.Js The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | 9.8 |
| 2018-04-04 | CVE-2018-9249 | Improper Authentication vulnerability in Fiberhome Vdsl2 Modem HG 150-Ub Firmware FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. | 9.8 |
| 2018-04-04 | CVE-2018-9248 | Improper Authentication vulnerability in Fiberhome Vdsl2 Modem HG 150-Ub Firmware FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. | 9.8 |
| 2018-03-30 | CVE-2018-9148 | Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. | 9.8 |